[tor-bugs] #20638 [Core Tor/Tor]: Non-anonymous single-hop HS enabled tor doesn't detect already existing anonymous, HS at start-up
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Nov 17 03:25:31 UTC 2016
#20638: Non-anonymous single-hop HS enabled tor doesn't detect already existing
anonymous, HS at start-up
--------------------------+------------------------------------
 Reporter:  ahf           |          Owner:
     Type:  defect        |         Status:  new
 Priority:  Medium        |      Milestone:  Tor: 0.2.9.x-final
Component:  Core Tor/Tor  |        Version:  Tor: 0.2.9.3-alpha
 Severity:  Normal        |     Resolution:
 Keywords:  tor-hs, sos   |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+------------------------------------
Changes (by arma):
* cc: asn, teor (added)
Comment:
Replying to [comment:1 ahf]:
> It seems like at the initial start of `tor` that the:
>
> {{{
> if (!rend_service_list) { /* No global HS list. Nothing to see here. */
>   return 0;
> }
> }}}
>
> path in `rend_service_list_verify_single_onion_poison()` is taken,
> which will make the start up of tor proceed.

Looks plausible!

It looks like this code went in during commit b560f852, as part of ticket
#17178. So I cc asn and teor since they're listed on that commit. :)

rend_service_list_verify_single_onion_poison() is called from inside
options_validate_single_onion() which is called from inside
options_validate(), which is the function used to examine the new proposed
'options' set before acting on any of them. So it is not right for a
function inside options_validate() to try to look at the
rend_service_list.

Better would be to either move that
rend_service_list_verify_single_onion_poison() check to options_act()
after it's called rend_config_services(), or to change
rend_config_services() so it does the checks you want when validate_only
is true, i.e. when it's being called from options_validate. I'd be weakly
inclined towards the latter approach, because this is exactly the sort of
thing that counts as "checking to see if you're going to like the new
options, before committing to them". Specifically, see the
rend_service_check_private_dir() calls in rend_config_services() -- maybe
that's a good place for doing this further examination of the directory?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20638#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
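
The ordering problem discussed in the comment above, as a toy C model added here; it is not Tor source code and not part of the original message. All names (`svc_t`, `opts_t`, `validate_buggy`, `validate_fixed`, `act`) and the `poisoned` flag standing in for the on-disk state of a service directory are assumptions made for illustration.

```c
/* Toy model of the ordering problem; not Tor source code. */
#include <stddef.h>
#include <stdio.h>

/* poisoned: constructed stand-in for the on-disk single-onion marker. */
typedef struct { const char *dir; int poisoned; } svc_t;
typedef struct { int single_onion; const svc_t *svcs; size_t n; } opts_t;

static const svc_t *g_list = NULL; /* plays the role of rend_service_list */
static size_t g_n = 0;

/* 0 if every service directory matches the requested mode, else -1. */
static int check_dirs(const svc_t *s, size_t n, int single_onion) {
  for (size_t i = 0; i < n; i++)
    if (s[i].poisoned != single_onion) return -1;
  return 0;
}

/* Shape from the ticket: validation reads the global list. */
int validate_buggy(const opts_t *o) {
  if (!g_list) return 0; /* still NULL at first start-up: nothing checked */
  return check_dirs(g_list, g_n, o->single_onion);
}

/* Shape suggested in the comment: examine the proposed options. */
int validate_fixed(const opts_t *o) {
  return check_dirs(o->svcs, o->n, o->single_onion);
}

/* Commit step: only here does the global list get populated. */
void act(const opts_t *o) { g_list = o->svcs; g_n = o->n; }
void reset_model(void) { g_list = NULL; g_n = 0; }

int main(void) {
  static const svc_t existing[] = {{"/constructed/anon_hs", 0}};
  opts_t o = {1, existing, 1}; /* ask for single-onion mode */
  printf("start-up, buggy: %d\n", validate_buggy(&o));
  printf("start-up, fixed: %d\n", validate_fixed(&o));
  act(&o);
  printf("after act, buggy: %d\n", validate_buggy(&o));
  return 0;
}
```

In the model the buggy check only starts rejecting the mismatch once `act()` has run, which is after the point where validation was supposed to stop the configuration.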